Hi,
We did find a solution. SAP also created a note detailing a work-around in the scenario I identified.
1874339 - Disabling the SAML2 login module via URL allowing user/password login instead.
Basically, just add to the end of the url the following: ?saml2=disabled
Example, calling /nwa with SAML2 disabled: http://<hostname>:<port#>/nwa?saml2=disabled
By doing this, the SAML2 login module will be skipped allowing the BasicPasswordLoginModule to be called thus allowing you to log in with a user and password.
This will work for anything else currently using the SAML login module, such as /irj (sap portal). The added benefit for this is helping with testing/qa purposes so you can test against the full infrastructure in place and just bypass the SSO capability.
I hope this helps.
Aaron